Advisories

Security advisories for vulnerabilities identified by Blue Frost Security.

Microsoft Hyper-V: Multiple Vulnerabilities in vmswitch.sys

Multiple bugs are present in the WPP code when handling set OID requests. One of them allows an attacker-controlled pointer to be dereferenced (read access), and the rest cause out-of-bounds read accesses.

Microsoft Hyper-V Type Confusion leading to Arbitrary Memory Dereference

A bug present in the Hyper-V (hvix64) hash-table implementation allows memory near (or belonging to) the hash-table struct object to be dereferenced.

Microsoft Hyper-V NULL Pointer Dereference Denial of Service

A bug present in Hyper-V's (hvix64) emulation handler for VMLAUNCH/VMRESUME allows a malicious L2 hypervisor to trigger a NULL pointer dereference in the L1 hypervisor.

Microsoft Hyper-V Stack Overflow Denial of Service

A bug present in the hvix64 module (hypervisor) causes infinite recursion, leading to a stack overflow.

LG PC Suite Insecure Update Mechanism

A vulnerability inside the update mechanism was identified which allows an attacker to remotely execute arbitrary code on the target system.

Huawei HiSuite Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.

Samsung SW Update Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.

FireEye Detection Evasion and Whitelisting of Arbitrary Malware

An analysis engine evasion was identified which allows an attacker to completely bypass FireEye's virtualization-based dynamic analysis on Windows and whitelist arbitrary malicious binaries.

IE11 CObjectElement Use-After-Free Vulnerability

A use-after-free vulnerability was identified which allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer.

OpenSSH PAM Privilege Separation Vulnerabilities

Multiple vulnerabilities in OpenSSH were identified that could allow successful authentication as an arbitrary user and thus impersonation of other users.

IE11 CTreeNode::GetCascadedLang Use-After-Free Vulnerability

A use-after-free vulnerability was identified which allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer.